Educause Security Discussion mailing list archives
Re: phishing link using Google...
From: Michael Hornung <hornung () CAC WASHINGTON EDU>
Date: Wed, 30 Nov 2005 08:44:53 -0800
Hi Gary. One benefit of redirecting phishing targets through Google is so enterprises can't block the phishing site for their constituency using perhaps more traditional means - via DNS or advertising bogus routes for the destination web server's IP address. Since the destination is Google, and most places aren't going to block all HTTP traffic to Google to block a given phishing scam, it's harder to block users from getting to the site. In this instance one would have to do more - maybe work with Google to break the redirection on their end, or use an IDS or IPS to block the traffic based purely on the URI inside the TCP connections to Google. ____________________________________________________ Michael Hornung Computing & Communications hornung () washington edu University of Washington On Wed, 30 Nov 2005 at 10:04, Gary Flynn wrote: |Out of curiosity, why would someone use Google as the |start point of a phishing link? Is it just so something |familiar is near the front for anyone looking at it? | |<a |href="http://www.google.pt/url?sa=U&start=4&q=http://203.52.104.73/images/.../.pcb.peoples.com/">www.peoples.com</a> | |It works if the initial URL is www.google.com too.
Current thread:
- phishing link using Google... Gary Flynn (Nov 30)
- <Possible follow-ups>
- Re: phishing link using Google... Michael Hornung (Nov 30)
- Re: phishing link using Google... Robert Kerr (Nov 30)
- Re: phishing link using Google... A. J. Wright (Nov 30)
- Re: phishing link using Google... Jeni Li (Nov 30)
- Re: phishing link using Google... Gary Flynn (Nov 30)